The Star Malaysia - Star2

POLICING the world

The FBI’s encrypted phone sting spied on thousands of criminals worldwide. But why were none targeted in the United States?


In 2018, a San Diego-led, US federal sting secretly launched an encrypted communications company.

Over the next few years, FBI agents, working with law enforcement partners in Australia, New Zealand and Europe, seeded thousands of spyware-infected phones into the hands of criminals and used them to build cases against 300 organised crime groups, from biker gangs to Italian mafia cells, around the world.

But one country was off-limits for investigating agents: the United States.

While some 800 people were arrested throughout Europe and Australia in widely publicised takedowns announced last month, no one was arrested in the US.

The US attorney’s office in San Diego is prosecuting 17 people tied to the sting, dubbed Operation Trojan Shield.

All are foreign nationals who will need to be extradited; some remain fugitives.

That has left some to wonder why domestic organised crime groups were left out of such a high-profile, US-orchestrated operation.

A mix of civil rights protections and bureaucratic wrangling – and the ghost of a previous federal sting gone horribly wrong – were likely at play, according to experts and people close to the investigation.

The FBI declined to elaborate on the decision-making process behind how the investigation was structured, citing the ongoing prosecution.

An FBI spokesperson referred questions to the US attorney’s office, which also declined to comment.

It’s not unusual for the FBI to investigate crimes internationally to protect US interests, often with the cooperation of allied governments.

Advances in technology and ease of global travel have increasingly made many criminal organisations transnational in scope – from drug trafficking to ransomware attacks to cyber fraud and more.

This particular sting was the culmination of years of casework that the FBI and US attorney’s office in San Diego had already put in surrounding the business of encrypted devices.

Along the way, they developed close working partnerships with other countries where these devices have proliferated among criminal enterprises.

While encryption apps are widely used and accessible to the general public – from email services such as Proton to messaging platforms including WhatsApp and Signal – hardened encrypted devices are less common and often come with a steep price tag.

The devices are cellphones stripped of all the usual capabilities and connectivity.

They are instead equipped with an encrypted messaging system that allows users to communicate only with other devices on the same closed-loop system.


The service often comes with the option to request a remote wipe of the phone’s data if a breach is suspected.

Three years ago, San Diego FBI and federal prosecutors – with assistance from Australia and Canada – took down one of those providers, Phantom Secure, which had marketed its services specifically to criminal organisations.

The idea of creating a shadow company, developed and operated by the FBI, was born soon after.

Designing a sting

They called the company Anom. They adopted existing hardware and new-generation technology that had been developed by a former Phantom Secure distributor, who agreed to cooperate with authorities to possibly earn a reduced sentence for the criminal charges he was facing, according to a search warrant affidavit laying out the operation’s genesis.

The FBI and Australian Federal Police then built a master key into the device’s encryption system, allowing law enforcement to secretly decrypt and store the messages as they were transmitted.

But legal questions loomed. How would the sting square with civil rights protections in the United States and similar laws abroad?

The most obvious consideration was the Fourth Amendment, which prohibits law enforcement from indiscriminately eavesdropping on US citizens without court authorisation.

However, the Fourth Amendment protection does not apply to nonresident foreign nationals on foreign soil, according to a 1990 US Supreme Court decision.

That decision stemmed from a case involving US participation in the search of a Mexican citizen’s home in Mexico. (The defendant was suspected of being involved in the murder of US Drug Enforcement Administration Special Agent Enrique “Kiki” Camarena, an Imperial Valley native.)

Any interceptions in the US would need to be done through wiretaps, which judges grant as a last-resort investigative technique and are subject to strict requirements to minimise privacy concerns.

Instead, the Department of Justice (DOJ) focused the operation on foreign users operating abroad, who don’t fall under the same constitutional protections.

The US also took other steps to protect domestic privacy interests, according to court records.

The server that collected and decrypted all of the messages coming in from Anom phones was not placed in the US, but rather hosted by a cooperating country.

That prevented Anom communications in border areas in Mexico and Canada from possibly pinging off cell towers sitting just inside the US and being inadvertently intercepted by the FBI.

The US negotiated with the unnamed cooperating country to obtain a court order through its own legal framework to host the server, which then copied the messages to the FBI, according to court documents. The assisting country did not review the messages but merely routed them to the FBI.

The plan was made through a Mutual Legal Assistance Treaty, one of the agreements negotiated separately with countries that set out how to cooperate with each other in investigations, including the exchange of information and evidence.

The sting’s designers also erected a geofence around the US, meaning any Anom messages that appeared to be sent from within the US were blocked by a virtual boundary from being read by the FBI’s server.

Instead, those messages were flagged, and Australian authorities reviewed them for threat-to-life purposes only, per their own judicial order.

“In our country, the laws circumscribing the ability of the DOJ to lawfully intercept communications are fairly onerous,” said Phillip Halpern, former prosecutor and chief of the US Attorney’s Office’s Major Frauds and Special Prosecution Section, which instituted the operation.

He retired partway through the investigation.

“That’s the reason why, in so many ways, it is politically advantageous to lean on law enforcement in other parts of the world that might not be operating under quite the same restrictions we are operating under,” he said.

Still, even that wasn’t easy. “Navigating this was a complete minefield. It did take an extraordinary amount of vision simply to be able to bring off the case,” he said, crediting then-assistant US Attorney Andrew Young for continuing to find solutions and push the case forward.

“Enormous hurdles had to be overcome.”

By the time the FBI servers got up and running, in late Oct 2019, there were hundreds of Anom users, mostly in Australia, where the sting had been launched a year prior under Australian legal authority as a test.

Australia was also a country where the confidential informant was able to tap into existing contacts in criminal distribution networks to get the sting rolling.

The phone’s customer base continued to expand, as word of mouth spread among criminal organisations in various countries.

In 2020, European authorities dismantled another encrypted device provider, EncroChat. Then a San Diego FBI investigation shut down yet another, Sky Global.

The takedowns created a vacuum that sent more criminal users to Anom. And the FBI was listening all the while.

Some 27 million messages, many of which had to be translated, were read by agents in San Diego.

They were coming in from some 300 criminal groups operating in more than 100 countries around the world.

Pertinent information was forwarded to trusted cooperating countries, which were building investigations against their own organised crime networks.

But what about the US?

Blind in the US

There were initial plans to eventually bring the sting to the US, following legal requirements, according to a person close to the investigation.

The plan included obtaining court authorisation to both monitor Anom phones that organically arrived in the US, as well as pivot to a more proactive effort to insert devices into certain domestic criminal networks that were already under investigation.

But the plan did not get the approval needed to move forward, according to the source.

Approximately 15 devices did make their way to the US, according to court records. Messages from those devices that were sent to other Anom devices were not reviewed by the FBI but were likely read by Australian authorities for possible threats to life, as set out in the protocol.

There is no further public record about the identities of those users, to whom they were talking, or if the Australian reviews prompted any additional action.

If the FBI had wanted to read those messages in real time, it would have had to meet a high bar to obtain a US court-approved wiretap, then follow stringent reporting and disclosure requirements.

Part of the analysis in granting such a request would likely include whether the probable-cause evidence was obtained through legal means – a theory known as “fruit from the poisonous tree”.

Legal experts say the decision would likely hinge on specific facts surrounding a particular phone, including who obtained it and how, and whether the recipient or source had a criminal background.

“The short answer is, of course it’s possible,” former San Diego federal prosecutor Jason Forge, who was not involved in the case, said of the ability to get a wiretap in such circumstances.

Halpern, the retired prosecutor, agreed that developing probable cause in this instance doesn’t seem like it would have been a stretch.

“This is something every American has the right to worry about, but when you have a network being used exclusively for illegal activities, one would hope that law enforcement was able to develop sufficient additional (indications) of criminality to allow a wiretap,” he said.

But there were likely other hurdles to consider.

Hard decisions

The sting was operating in the shadow of another undercover operation, one that had allowed guns to “walk” into Mexico and went tragically awry.

Dubbed “Operation Fast and Furious”, the Arizona-based series of stings by the US Bureau of Alcohol, Tobacco, Firearms and Explosives and US attorney’s office was meant to expose straw purchasers who were trafficking firearms south of the border, as well as the high-level cartel figures who eventually procured the weapons.

Several of the 2,000 guns that the US government was tracking and had let loose into Mexico were later found at crime scenes on both sides of the US-Mexico border.

Two were recovered from the murder scene of US Border Patrol Agent Brian Terry in Arizona in 2010.

The operation was widely condemned and caused a diplomatic rift between the US and Mexico.

The ghost of Fast and Furious has shaped the landscape of undercover operations since then.

“I would imagine this one, too,” Halpern said.

While the Anom sting wasn’t putting deadly weapons into the world, it was distributing devices on which criminal acts could be planned and executed. It risked a similar nightmare scenario: a heinous crime being orchestrated on FBI-supplied phones.

The DOJ and its foreign partners put plans in place to minimise serious criminal acts when possible, balancing the need to build their cases with the public’s safety. Court records and law enforcement authorities cite numerous instances of drug shipments being intercepted in ports across the world, murder plans thwarted and suspects being arrested along the way – long before the sting was made public.

That dilemma comes with potentially higher stakes in the US – not just politically but logistically.

If US authorities decided, after intercepting communications, that a target in the US needed to be arrested for the public’s safety in the midst of the operation, that defendant would then be entitled under US due-process laws to see the evidence against him.

And letting that information out could severely threaten the entire sting and put operatives in danger, Forge said.

That, combined with the spectre of Fast and Furious, made for a potentially no-win situation when it came to deciding whether to include US targets, he said.

“If they bust somebody, you could jeopardise the investigation. If you don’t bust somebody, you risk political fallout,” said Forge, who is now in private practice in San Diego.

“It seems to me this is one of those situations where they decided to come on the side of not even risking falling into the hornet’s nest.”

Halpern said the DOJ’s apprehension was wholly justified.

“These nerves are, in fact, important to our administration of justice,” he said. Still, he questioned whether the investigation fell short of its full potential with the apparent exclusion of Anom from the US.

“It took extreme political sensitivity to figure out how we can do this, which calls should we listen to, which ones do we let go on, which ones to stop.

“We in law enforcement have an obligation to strike the appropriate balance.

“In the US, it came down to being cautious. I would have liked to see the same level of prosecution here that happened overseas,” Halpern said.

US investigators did get at least one court-ordered search warrant in the case – a permission that allows agents to seize past communications rather than intercept them in real time on a wiretap.

In May, the FBI asked a judge for permission to search a Gmail account that was suspected of being used to coordinate a 6kg shipment of cocaine from Carlsbad to Australia.

The probable cause for the warrant included messages between two Anom users – believed to be located in Australia and Armenia, not the US.

The search warrant was sealed from public view until June 8, the day of mass arrests around the world and a host of news conferences announcing the historic operation.

“The FBI agents who worked tirelessly on this operation deserve every ounce of credit for its success,” Young, the former prosecutor who helped develop the sting before leaving the US attorney’s office for private practice, said in a statement.

“They, and the line prosecutors who supported them, did everything in their power to maximise the potential reach of this once-in-a-lifetime opportunity.” – The San Diego Union-Tribune/Tribune News Service
